LinkedIn sued over hacking incident that exposed six million passwords

LinkedIn (s lnkd) will get to connect with a federal judge after an embarrassing security breach in early June. The social network for professionals has been hit with a class action seeking at least $5 million over an incident that exposed millions of user passwords.

A complaint filed in San Jose cites a “troubling lack of security measures” and accuses LinkedIn of negligence and breach of contract for failing to encrypt its user database with industry standard security measures. The incident resulted in hackers posting users’ information online but it is not yet clear how much data they obtained.

Advertisement

The lead plaintiff in the case is Katie Szpryka who paid for an upgraded account with the social network. The lawsuit, which also covers a separate class of users with free accounts, adds that LinkedIn breached California consumer protection laws. It cites a FTC complaint from 2003 in which the federal regulator accused the Guess! clothing company of unfair trade practices for storing customer information in an unencrypted database with poor security.

The case is likely to turn on whether LinkedIn did enough to protect its users accounts and whether it did enough to notify users of the hacking incident. The breach was first reported by a Norwegian security firm and then publicized by numerous technology sites but LinkedIn appears to have dithered for more than twelve hours before telling users that data had been compromised.

Critics claim LinkedIn should have used a common practice known as “salting” to make the passwords harder to decrypt.

The LinkedIn case is just the latest in a parade of class actions in which technology companies stand accused of violating user privacy. As we reported yesterday in regard to the latest $10 million Facebook settlement, money from the lawsuits rarely goes to users.

The complaint is below. It was first reported by CourtHouse news service.

yay i expect somethin for my pass and all my info for being stolen…… sheeze im upset that not only that my account on their was stolen but also other sites.. best thing to do is to change passwords.. im not sure i see anything wrong that linkedin did, but if it comes to it o well ill be waiting for somethin maybe like a dollar

Good they are sued. These password leaks are getting old and should be stopped, especially since it’s so easy to do so. Though, I agree with the article in it’s shaded statement that only lawyers gain from such suits, and not end users.